Skip to main content

Segment Workspace Key

Description#

General#

  • Documentation: https://segment.com/docs/config-api/
  • Summary: Segment is a Customer Data Platform (CDP). It collects user events from web & mobile apps and provides a complete data toolkit to every team in the company. This detector aims at catching the keys associated to a workspace management.
  • IPs allowlist: There is no IP allowlisting possible.
  • Scopes: Three scopes are available for workspace API keys: read/write, read-only and read-only restricted to some sources.

Revoke the secret#

Keys can be rotated or revoked on Segment's website.

Check for suspicious activity#

There is currently no method to audit a key's usage.

Details for Segment workspace key#

  • Family: Api

  • Category: CRM

  • Company: Segment

  • High recall: False

  • Validity check available: True

  • On-premise instances exist: False

  • Only valid secrets raise an alert: True

  • Minimum number of matches: 1

  • Occurrences found for one million commits: 0.84

  • Prefixed: False

  • PreValidators:

- type: FilenameBanlistPreValidator  banlist_extensions: []  banlist_filenames: []  check_binaries: false  include_default_banlist_extensions: true  ban_markup: false- type: ContentWhitelistPreValidator  patterns:  - segment

Examples#

- text: |    segment     token = d8ZxrEH5fq5dIt3I2MqBCihRpNyvV5Dasv6L_uJjHJE.P7m7-r-moL7wo6jF2IeiUFRcrZ87WIw0tAdNiw8R45I  apikey: d8ZxrEH5fq5dIt3I2MqBCihRpNyvV5Dasv6L_uJjHJE.P7m7-r-moL7wo6jF2IeiUFRcrZ87WIw0tAdNiw8R45I- text: segment  token = d8ZxrEH5fq5dIt3I2MqBCihRpNyvV5Dasv6L_uJjHJE.P7m7-r-moL7wo6jF2IeiUFRcrZ87WIw0tAdNiw8R45I
  apikey: d8ZxrEH5fq5dIt3I2MqBCihRpNyvV5Dasv6L_uJjHJE.P7m7-r-moL7wo6jF2IeiUFRcrZ87WIw0tAdNiw8R45I  filename: some_file.md